Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormManuel Garcia CardenasPACKETSTORM:153071
HistoryMay 24, 2019 - 12:00 a.m.

CMS Made Simple 2.2.10 Cross Site Scripting

2019-05-2400:00:00
Manuel Garcia Cardenas
packetstormsecurity.com
135

0.006 Low

EPSS

Percentile

78.7%

JSON
`=============================================  
MGC ALERT 2019-002  
- Original release date: April 10, 2019  
- Last revised: May 22, 2019  
- Discovered by: Manuel Garcia Cardenas  
- Severity: 4,8/10 (CVSS Base Score)  
- CVE-ID: CVE-2019-11226  
=============================================  
  
I. VULNERABILITY  
-------------------------  
CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting  
  
II. BACKGROUND  
-------------------------  
CMS Made Simple (CMSMS) is a free, open source (GPL) content management  
system (CMS) to provide developers, programmers and site owners a web-based  
development and administration area.  
  
III. DESCRIPTION  
-------------------------  
Has been detected a Persistent XSS vulnerability in CMS Made Simple, that  
allows the execution of arbitrary HTML/script code to be executed in the  
context of the victim user's browser.  
  
IV. PROOF OF CONCEPT  
-------------------------  
Go to: Content -> Content Manager -> News -> Add Article  
  
And post in the m1_title parameter for example  
test"><script>alert(1)</script>  
  
The variable "m1_title" it is not sanitized, later, if some user visit the  
content in the public area, the XSS is executed, in the response you can  
view:  
  
<input type="text" id="fld1" name="m1_title"  
value="test"><script>alert(1)</script>  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or Javascript code in a targeted  
user's browser, this can leverage to steal sensitive information as user  
credentials, personal data, etc.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
CMS Made Simple <= 2.2.10  
  
VII. SOLUTION  
-------------------------  
Disable until a fix is available, vendor doesn't accept XSS issues inside  
admin panel.  
  
VIII. REFERENCES  
-------------------------  
https://www.cmsmadesimple.org/  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered and reported  
by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).  
  
X. REVISION HISTORY  
-------------------------  
April 10, 2019 1: Initial release  
May 22, 2019 2: Last revision  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
April 10, 2019 1: Vulnerability acquired by Manuel Garcia Cardenas  
April 10, 2019 2: Send to vendor  
April 22, 2019 3: New request, vendor doesn't accept XSS issues inside  
admin panel.  
May 22, 2019 4: Sent to lists  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is" with no  
warranties or guarantees of fitness of use or otherwise.  
  
XIII. ABOUT  
-------------------------  
Manuel Garcia Cardenas  
Pentester  
  
  
`

Related

prion 1
nvd 1
cve 1
zdt 1
cvelist 1
openvas 1
prion
prion
Cross site scripting
2019-06-05 18:29:00
nvd
nvd
CVE-2019-11226
2019-06-05 18:29:00
cve
cve
CVE-2019-11226
2019-06-05 18:29:00
zdt
zdt
CMS Made Simple 2.2.10 Cross Site Scripting Vulnerability
2019-05-28 00:00:00
cvelist
cvelist
CVE-2019-11226
2019-06-05 17:56:04
openvas
openvas
CMS Made Simple <= 2.2.12 Multiple Reflected XSS Vulnerabilities
2019-04-29 00:00:00

0.006 Low

EPSS

Percentile

78.7%

JSON
Related for PACKETSTORM:153071
prion1nvd1cve1zdt1cvelist1openvas1